Types of Malware Attacks
30 Questions

Questions and Answers

What is the primary purpose of a phishing attack?

  • To exploit vulnerabilities in a SQL database
  • To intercept and alter communications between two parties
  • To trick victims into revealing sensitive information (correct)
  • To disrupt online services by flooding them with requests

Which type of attack typically uses multiple compromised devices to overwhelm a target?

  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS) (correct)
  • Phishing Attack
  • Brute Force Attack

What occurs during a Man-in-the-Middle (MitM) attack?

  • SQL code is manipulated through user input fields
  • Communications are intercepted and altered between two parties (correct)
  • Malicious scripts are injected into trusted websites
  • Attackers flood a system with requests

How do SQL Injection (SQLi) attacks primarily function?

By inputting malicious SQL code through user input fields (B)

What is the main goal of a Cross-Site Scripting (XSS) attack?

To steal sensitive data using malicious scripts (A)

What characterizes a brute force attack?

Systematically trying all possible combinations to guess passwords (B)

Which of the following techniques is NOT commonly associated with password attacks?

Eavesdropping (D)

What technique do attackers often use in a dictionary attack?

Using commonly used words or phrases to crack passwords (B)

Which malware type interrupts communication between two parties without their knowledge?

Man-in-the-Middle (MitM) attack (B)

What is the effect of a Denial of Service (DoS) attack?

It floods a system making it unavailable to legitimate users (D)

What is a supply chain attack primarily targeting?

Vulnerabilities in hardware or software (B)

Which tool is commonly used for capturing unencrypted data in transit?

Wireshark (C)

What does cryptojacking primarily involve?

Mining cryptocurrency using victim's resources (D)

What is a common characteristic of DNS spoofing?

Injecting false DNS information (A)

What characterizes a ransomware attack?

It encrypts files and demands a ransom for restoration. (D)

In a watering hole attack, the attackers compromise which type of resource?

Specific websites frequented by a target group (D)

Which type of devices are targeted in IoT-based attacks?

Smart home devices (B)

Which of the following is a common technique used in social engineering attacks?

Baiting (A)

Why are zero-day attacks particularly dangerous?

They exploit vulnerabilities that are unknown to the vendor. (B)

How does cryptojacking usually propagate?

Infected software downloads (A)

What type of attack could involve the installation of malware during manufacturing?

Supply chain attack (D)

An advanced persistent threat (APT) is characterized by which of the following?

Long-term infiltration of a network for espionage. (C)

What is a drive-by download attack?

Malicious software is downloaded without user interaction. (A)

What is a potential consequence of DNS spoofing?

Redirecting users to phishing sites (D)

What best describes an insider threat?

Harmful actions taken by someone within the organization. (B)

Which attack utilizes compromised industry-specific websites to target users?

Watering hole attack (C)

Session hijacking allows attackers to do what?

Impersonate a user by taking control of their session. (B)

What is the primary goal of an eavesdropping attack?

To listen in on network traffic and steal sensitive data. (C)

Which type of attack typically does NOT require user interaction?

Drive-by download attack (D)

Which option best describes the exploitation of vulnerabilities in a zero-day attack?

The vulnerabilities are unknown to the vendor at the time of the attack. (A)

Flashcards

Denial of Service (DoS)

An attack that floods a system, server, or network with excessive requests, making it unavailable to legitimate users.

Distributed Denial of Service (DDoS)

A large-scale version of a DoS attack that uses multiple compromised devices (botnets) to overwhelm the target.

Man-in-the-Middle (MitM) Attack

Attackers intercept and alter communication between two parties without their knowledge, often used to steal data or inject malicious content.

SQL Injection (SQLi)

Attackers exploit vulnerabilities in an application's SQL database queries to manipulate the database, potentially leading to unauthorized access to sensitive data.

Cross-Site Scripting (XSS)

Attackers inject malicious scripts, usually JavaScript, into trusted websites, which are executed in a victim's browser, potentially stealing cookies or credentials.

Brute Force Attack

A method of attempting to guess passwords or login credentials by systematically trying all possible combinations, often using automated tools.

Password Attack

Techniques used to steal or crack user passwords, including brute force, dictionary attacks, and rainbow tables.

Ransomware Attack

Malware that encrypts files or locks users out of their system and demands a ransom (usually in cryptocurrency) to restore access. Typically spread via phishing emails, malicious downloads, or exploiting software vulnerabilities. Targets individuals, businesses, and critical infrastructure.

Social Engineering Attack

Relies on psychological manipulation to trick individuals into divulging confidential information or performing harmful actions. Common tactics include impersonation, pretexting, baiting, and tailgating. Often used to bypass security measures such as firewalls and encryption.

Zero-Day Attack

Targets vulnerabilities in software or hardware that are unknown to the vendor or have not been patched. Since the vulnerability is unpatched, attacks can cause significant damage before detection or mitigation. Exploits can be sold on the dark web or used in espionage campaigns.

Advanced Persistent Threat (APT)

Long-term, targeted attack in which attackers infiltrate a network and remain undetected for an extended period. Typically used for espionage, stealing intellectual property, or data exfiltration. Often state-sponsored or carried out by well-funded groups with sophisticated tools.

Drive-By Download Attack

Occurs when a user unknowingly downloads malicious software just by visiting a compromised or malicious website. Does not require any user interaction (e.g., clicking on a link or downloading a file). Often exploits vulnerabilities in browsers or plugins (e.g., Flash, Java).

Insider Threat

A malicious attack or data breach carried out by someone within an organization. The insider may be an employee, contractor, or partner with legitimate access to sensitive information. Can be motivated by financial gain, revenge, or corporate espionage.

Session Hijacking

Attackers take control of a user's session by stealing or predicting session tokens. Often occurs in web applications, allowing attackers to impersonate the user. Typically happens when session management is not secure, such as in HTTP cookies.

Eavesdropping Attack (Sniffing)

Attackers listen in on network traffic to steal sensitive data like passwords or credit card information. Usually conducted on unsecured networks or via compromised network devices.

Supply Chain Attack

A type of cyberattack that targets the vulnerabilities within the supply chain of hardware, software, or service providers in order to compromise the end user.

Cryptojacking

Attackers use a victim's computer or network for cryptocurrency mining without their knowledge, causing performance issues.

DNS Spoofing

This attack manipulates DNS resolution, redirecting users to malicious websites instead of legitimate ones.

Watering Hole Attack

Attackers compromise a website often visited by a target group, infecting them with malware when they visit.

IoT-Based Attacks

These exploit vulnerabilities in IoT devices, often lacking strong security measures, for various malicious purposes.

Packet Sniffing

This involves capturing unencrypted data in transit using tools like Wireshark or tcpdump.

Data in Transit

This involves capturing unencrypted data in transit using tools like Wireshark or tcpdump.

Packet Capture

This involves capturing unencrypted data packets using specialized software or techniques.

Packet Sniffers

These are tools that can be used to capture unencrypted data in transit.

Wireshark and tcpdump

Wireshark and tcpdump are examples of tools used for capturing unencrypted data.

Study Notes

Types of Malware Attacks

  • Phishing: A social engineering attack tricking victims into providing sensitive information like passwords or credit card details. It often uses deceptive emails, messages, or websites that appear legitimate. Commonly used to distribute malware or steal login credentials.

Types of Attacks (Continued)

  • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS): DoS floods a system with excessive requests to make it unavailable to legitimate users. DDoS uses multiple compromised devices (botnets) for large-scale attacks. Disrupts services, causing downtime and financial losses. Examples include SYN flood, HTTP flood, Ping of Death.

  • Man-in-the-Middle (MitM) Attack: Attackers intercept and alter communication between two parties without their knowledge. Often used to steal sensitive data, eavesdrop on conversations, or inject malicious content. Can occur over unsecured networks (e.g., public Wi-Fi) or through compromised routers.

  • SQL Injection (SQLi): Exploits vulnerabilities in an application's SQL database queries. Attackers inject malicious SQL code through user input fields (login forms) to manipulate the database. Can lead to unauthorized access, data deletion, or database control. Examples include Blind SQL injection, Union-based SQL injection.

  • Cross-Site Scripting (XSS): Injects malicious scripts (usually JavaScript) into trusted websites. The script runs in a victim's browser, allowing attackers to steal session cookies, credentials, or deliver malware. Common in websites allowing user-generated content without validation.

  • Brute Force Attack: Attempts to guess passwords, encryption keys, or login credentials by systematically trying all possible combinations. Can be time-consuming without additional tools, but effective against weak passwords. Variations include dictionary attacks and credential stuffing.

  • Password Attack: Attackers try to steal or crack user passwords using various techniques like brute force, dictionary attacks, and rainbow tables (precomputed hash lookups). May also involve phishing, keylogging, or social engineering.

  • Ransomware Attack: Malware encrypts files or locks users out of their system, demanding a ransom (typically cryptocurrency) to restore access. Spreads through phishing emails, malicious downloads, or vulnerabilities. Targets individuals, businesses, and critical infrastructure. Examples include WannaCry, Ryuk, REvil.

  • Social Engineering Attack: Relies on psychological manipulation to trick individuals into divulging confidential information or performing harmful actions. Common tactics include impersonation, pretexting, baiting, and tailgating. Used to bypass security measures like firewalls and encryption.

  • Zero-Day Attack: Targets unknown vulnerabilities in software or hardware that haven't been patched by the vendor. Can cause significant damage before detection or mitigation. Exploits can be sold on the dark web or used in espionage campaigns. Examples include Stuxnet, Operation Aurora.

  • Advanced Persistent Threat (APT): A long-term, targeted attack where attackers infiltrate a network and remain undetected for an extended period. Typically used for espionage, stealing intellectual property, or data exfiltration. Often state-sponsored or carried out by well-funded groups.

  • Drive-By Download Attack: Downloads malicious software by simply visiting a compromised or malicious website. Does not require user interaction (e.g., clicking a link). Often exploits vulnerabilities in browsers or plugins. Examples include Malvertising (malicious ads) and Watering hole attacks.

  • Insider Threat: A malicious attack carried out by someone within an organization. The insider may be an employee, contractor, or partner with legitimate access. Motivations may include financial gain, revenge, or corporate espionage.

  • Session Hijacking: Attackers take control of a user's session by stealing or predicting session tokens. Common in web applications, allowing impersonation. Often occurs when session management is not secure, such as in HTTP cookies.

  • Eavesdropping Attack (Sniffing): Attackers listen in on network traffic to steal sensitive data like passwords or credit card information. Usually conducted on unsecured networks or via compromised network devices. Tools like packet sniffers are used to capture unencrypted data in transit. Examples of tools include Wireshark, tcpdump.

  • Supply Chain Attack: Targets vulnerabilities in the supply chain of hardware, software, or service providers to compromise the end-user. Can involve malware installation during manufacturing, distribution, or software updates. Allows attackers to infiltrate highly trusted systems. Examples include SolarWinds attack, Target breach.

  • Cryptojacking: Attackers hijack a victim's computer or network resources to mine cryptocurrency. Operates in the background, often without the user's knowledge, causing system slowdowns or overheating. Spreads through malicious websites, ads, or infected software downloads. Examples include Coinhive, PowerGhost.

  • DNS Spoofing (DNS Cache Poisoning): Manipulates the DNS resolution process to redirect users to malicious websites instead of legitimate ones. Attackers inject false DNS information into the cache. Used to steal sensitive information or infect systems with malware. Tools include dnsspoof, Ettercap.

  • Watering Hole Attack: Attackers compromise a specific website or online resource frequently visited by a target group. Infects users with malware or redirects them to malicious pages. Often used in highly targeted attacks. Examples include compromised industry-specific websites.

  • IoT-Based Attacks: Exploits vulnerabilities in Internet of Things (IoT) devices. Devices often lack strong security measures, making them vulnerable to botnets or remote control. Used in large-scale DDoS attacks, data breaches, or for spying. Examples include Mirai botnet.

Description

Test your knowledge on various types of malware attacks including phishing, DoS, and Man-in-the-Middle attacks. Understand how these attacks function, their impacts, and the methods used by attackers. This quiz will help solidify your understanding of cybersecurity threats.
